We are never surprised by new threats to network security. The cybersecurity landscape is so dynamic, attackers are constantly adapting. In order to keep up, we need to adapt too. Here are four threats that have developed in the past few years of network security: Problem: DDoS attacks—getting bigger and bigger. DDoS is Distributed Denial… Continue reading New Threats To Network Security on the Scene
As the vulnerability remediation experts we’ve made a practice of publishing remedies, fixes, and solutions for the more high-profile vulnerabilities we’ve come across over the years. This blog post will answer, “What is Google Chrome CVE-2020-15999?” but more importantly I’m excited to announce the availability of Vulcan Remedy Cloud as a free and curated database… Continue reading What is the Google Chrome CVE-2020-15999 vulnerability?
TL;DR The BootHole vulnerability is not critical (yet), but it could potentially affect billions of devices worldwide. Exploiting it requires high privileges or physical access. Now while there are no full patches available at this time, we’ve written this blog, and published this episode of The Vulnerability Report, to help you detect vulnerable devices, mitigate the… Continue reading What is the BootHole Vulnerability (CVE-2020-10713)?
Update June 2022: The Vulcan Cyber research team, aka “Voyager18” has worked on mapping CVEs to relevant tactics and techniques from the MITRE ATT&CK matrix. Visit the dedicated site here. While vulnerability management isn’t natively mapped to the MITRE ATT&CK framework by default, using cyber knowledge, data science, machine learning and artificial intelligence, CVEs can be efficiently integrated with ATT&CK in a way that delivers distinct advantages… Continue reading Remediating the MITRE framework and att&ck with VM
SMBleed (CVE-2020-1206), its relation to SMBGhost and how to fix them The SMBleed vulnerability (CVE-2020-1206) allows an attacker to read uninitialized kernel memory. It happens in the same function as SMBGhost (CVE-2020-0796), a bug in the compression mechanism of SMBv3.1.1, as explained in a previous blog.
Over the past couple of weeks, we’ve seen some high profile security threats that require your immediate attention. In this digest we’ve rounded them all up. Now in order to help you address these threats, I’ve added actionable steps for you to follow in order to mitigate these risks.
The Coronavirus pandemic has drastically changed our reality in a blink of an eye. With WFH and social distancing becoming the new norm. While these measures are key to reducing the risk of contracting COVID-19, from a security standpoint working from home introduces other risks.
In March 2020, Microsoft released an official advisory about a critical vulnerability called SMBGhost or CVE-2020-0796. With a CVSS:3.0 score of 10.0, SMBGhost is considered a critical vulnerability and is “wormable” with the potential to replicate and spread over networks. Let’s dive into the SMBGhost vulnerability, its impact, and how you can mitigate it to… Continue reading What is the SMBGhost Vulnerability (CVE-2020-0796)?
The Apache Tomcat servers that have been released over the last thirteen years are vulnerable to a bug known as “Ghostcat” (CVE-2020-1938) that allows hackers to take over unpatched systems. Discovered by Chinese cybersecurity firm Chaitin Tech, Ghostcat is a flaw in the Tomcat AJP protocol.